将公钥和私钥存储在数据库或密钥库中
我正在制作一个网络服务,它将存储数据库表中每条记录的公钥和私钥。
密钥是使用 Java 制作的,但我不确定是否要创建密钥库或将密钥直接放入数据库中的字段中。
您会推荐什么选项?每种方法有什么好处?
I am making a web service that will store public and private keys for each record in a database table.
The keys are made using Java, but I am unsure weather to create a keystore or place the keys inside fields in the databbase directly.
What option would you recommend and what are the benefits of each method?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
如果您使用密钥库,您将使用一个专门用于保存加密项目(例如密钥和证书)的数据库。
只要有可能,您就不应该尝试重新发明轮子。密钥库足以解决您的问题吗?如果您尝试设计自己的数据库来存储这些工件,您将不得不重新解决在创建数据库(例如 Java 的密钥库)时已经考虑到的问题。
If you use a keystore, you'll be using a database that has been designed to keep encrypted items, such as keys and certificates.
Wherever possible, you shouldn't try and re-invent the wheel. Will a keystore suffice in your problem? If you try and design your own database for storing these artefacts, you're going to have to re-solve problems and issues which were taken into account already when creating databases such as Java's keystore.
您可以为通过 http 发送数据的现有实现提供密钥库,这将获取密钥库并执行所有必要的操作,因此您无需这样做。
对于服务器端身份验证,这将是一个 keystore = KeyStore.getInstance("JKS"),其中包含所有受信任的证书。
对于客户端身份验证,如果适用(您需要自己验证),这样的实现也已经存在
您只需提供您的客户“密钥库”=>这个将包含您的证书及其私钥 => KeyStore.getInstance("PKCS12")
最后你想将这些东西存储到数据库中,这里有点棘手..密钥库是安全的,所以你不能只是把它写掉..你必须使用 keystore.store( OutPutstream,密码)..
我发现最好的是例如:
上面的代码不是100%正确,但它让你很好地理解我的意思,如果你不使用注释,你可以使用另一个方法,但我认为我的观点很清楚;)
You can provide keystores to already existing implementations for data sending over http, which will fetch the keystore and perform all the necessary stuff so you don't have to.
For server-side authentication this would be a keystore = KeyStore.getInstance("JKS"), containing all the trusted certificates.
For client-side authentication, if applicable (you need to verify yourself) also such implementation already exist
where you just provide your client 'keystore' => this one will contain your certificate and it's private key => KeyStore.getInstance("PKCS12")
Then finally you want to store these stuff to database, here it gets a bit tricky.. Keystores are secured, so you can not just write it away.. you have to use the keystore.store(OutPutstream, password)..
What I find best is for instance:
The above code is not 100% correct, but it gives you a good idea of what I mean, If you don't work with annotations, you can do it using another approach but I think my point is clear ;)
为什么每条记录都有私钥?这是非常奇怪的设计。私钥通常由实体(例如人)或代表他们的服务器持有。
Why does each record have a private key? This is very strange design. Private keys see generally held by entities, e.g. People, or servers acting on their behalf.
您可以有一个数据库来存储用户信息而不是密钥,对于密钥,最好使用密钥库。因此 userinfo 可能包含 {name, symmetry pass / hash, ...} 并使用该名称您应该能够识别密钥库中的密钥记录。再次记住,不要使用全局(用户,通行证)来读取密钥库,而是使用用户授予。
you can have a database to store userinfo not keys, for keys it is better to use keystore. so userinfo may contain {name, symmetric pass / hash, ...} and using the name you should be able to identify the key-record in the keystore. Again remember, do not use a global (user,pass) to read the keystore, use the user grant instead.